
Commit 9b244373 authored by Tetsuo Handa's avatar Tetsuo Handa Committed by James Morris

TOMOYO: Several fixes for TOMOYO's management programs.

parent ea0d3ab2
+20 −5
@@ -366,7 +366,7 @@ static int tomoyo_read_profile(struct tomoyo_io_buffer *head)
 *
 *  or
 *
 * # echo '/usr/lib/ccs/editpolicy' > /sys/kernel/security/tomoyo/manager
 * # echo '/usr/sbin/tomoyo-editpolicy' > /sys/kernel/security/tomoyo/manager
 *  (if you want to specify by a program's location)
 *
 * and is deleted by
@@ -376,7 +376,7 @@ static int tomoyo_read_profile(struct tomoyo_io_buffer *head)
 *
 *  or
 *
 * # echo 'delete /usr/lib/ccs/editpolicy' > \
 * # echo 'delete /usr/sbin/tomoyo-editpolicy' > \
 *                                        /sys/kernel/security/tomoyo/manager
 *
 * and all entries are retrieved by
@@ -556,11 +556,16 @@ static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
{
	unsigned int pid;
	struct tomoyo_domain_info *domain = NULL;
	bool global_pid = false;

	if (sscanf(data, "pid=%u", &pid) == 1) {
	if (sscanf(data, "pid=%u", &pid) == 1 ||
	    (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
		struct task_struct *p;
		rcu_read_lock();
		read_lock(&tasklist_lock);
		if (global_pid)
			p = find_task_by_pid_ns(pid, &init_pid_ns);
		else
			p = find_task_by_vpid(pid);
		if (p)
			domain = tomoyo_real_domain(p);
@@ -697,6 +702,14 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
		domain->ignore_global_allow_read = !is_delete;
		return 0;
	}
	if (!strcmp(data, TOMOYO_KEYWORD_QUOTA_EXCEEDED)) {
		domain->quota_warned = !is_delete;
		return 0;
	}
	if (!strcmp(data, TOMOYO_KEYWORD_TRANSITION_FAILED)) {
		domain->transition_failed = !is_delete;
		return 0;
	}
	return tomoyo_write_domain_policy2(data, domain, is_delete);
}

@@ -853,6 +866,8 @@ static bool tomoyo_print_mount_acl(struct tomoyo_io_buffer *head,
				   struct tomoyo_mount_acl *ptr)
{
	const int pos = head->read_avail;
	if (ptr->is_deleted)
		return true;
	if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_ALLOW_MOUNT) ||
	    !tomoyo_print_name_union(head, &ptr->dev_name) ||
	    !tomoyo_print_name_union(head, &ptr->dir_name) ||
@@ -993,7 +1008,7 @@ static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head)
 * This is equivalent to doing
 *
 *     ( echo "select " $domainname; echo "use_profile " $profile ) |
 *     /usr/lib/ccs/loadpolicy -d
 *     /usr/sbin/tomoyo-loadpolicy -d
 *
 * Caller holds tomoyo_read_lock().
 */
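Review bot: In tomoyo_is_select_one the new `global-pid=` form is resolved with `find_task_by_pid_ns(pid, &init_pid_ns)`, so that selector is not scoped to the writer's PID namespace the way `find_task_by_vpid(pid)` is, and nothing in the hunk documents it. A comment above the branch such as `/* "global-pid=" is resolved in init_pid_ns, not in the caller's PID namespace */` would make the trust assumption explicit. Whether this write path is already limited to policy managers cannot be confirmed here, because the function starts and ends outside the hunk. As a point of style, `(global_pid = true, sscanf(...) == 1)` sets the flag through the comma operator even when neither pattern matches. It reads more plainly as `global_pid = sscanf(data, "global-pid=%u", &pid) == 1;` followed by `if (global_pid || sscanf(data, "pid=%u", &pid) == 1) {`.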
+2 −0
@@ -68,6 +68,8 @@ enum tomoyo_mode_index {
#define TOMOYO_KEYWORD_SELECT                    "select "
#define TOMOYO_KEYWORD_USE_PROFILE               "use_profile "
#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ  "ignore_global_allow_read"
#define TOMOYO_KEYWORD_QUOTA_EXCEEDED            "quota_exceeded"
#define TOMOYO_KEYWORD_TRANSITION_FAILED         "transition_failed"
/* A domain definition starts with <kernel>. */
#define TOMOYO_ROOT_NAME                         "<kernel>"
#define TOMOYO_ROOT_NAME_LEN                     (sizeof(TOMOYO_ROOT_NAME) - 1)
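Review bot: The new `TOMOYO_KEYWORD_QUOTA_EXCEEDED` and `TOMOYO_KEYWORD_TRANSITION_FAILED` defines carry no comment, yet the same commit has tomoyo_write_domain_policy assign `domain->quota_warned` and `domain->transition_failed` from them. Anyone able to write domain policy can therefore set or clear those two flags. If they are meant as kernel-raised indicators (the names suggest so, but the field definitions are not visible on this page), that should be stated next to the defines, for example `/* Per-domain status flags; also accepted on write, where is_delete clears them. */`.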
+1 −1
@@ -6,7 +6,7 @@

#include <linux/slab.h>
#include "common.h"
/* The list for "struct ccs_path_group". */
/* The list for "struct tomoyo_path_group". */
LIST_HEAD(tomoyo_path_group_list);

/**